Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Government Admits Privacy Errors

The Department of Homeland Security has conceded a potentially serious privacy issue that existed as part of an anti-terrorism program that combined personal information of air travelers in the United States with consumer database profiles and compared those records with lists of suspected terrorists.

In a report posted on the agencys Web site the week of Dec. 18, the DHS Privacy Office admitted it inadvertently forwarded detailed personal profiles of U.S. airline passengers to the federal governments Transportation Security Administration despite promising not to do so when the program, called Secure Flight, was introduced in September 2004.

When the effort was launched as a replacement for the DHS Computer-Assisted Passenger Prescreening System, the TSA vowed to steer clear of the records involved in Secure Flight, recognizing the potential civil-liberties conflicts that could arise from sharing such information. A range of privacy rights groups had concerns over the programs potential impact on U.S. citizens freedom to travel.

The individual files created for Secure Flight are considered particularly sensitive because they contain not only the personal information of all fliers traveling domestically during the month of June 2004 (gathered from airline passenger screening systems) but also data aggregated about those people from three major U.S. consumer database companies—Acxiom, InsightAmerica and Qsent.

Further reading

Secure Flight was eventually shut down in February 2006 due to privacy concerns, including a report from federal auditors that month that found some 82 security vulnerabilities in the software being used to store and protect the data.

In the Dec. 18 report, the DHS admitted that it mistakenly included some of the Secure Flight passenger records in its updates on the program sent to the TSA. The roughly 42,000 individual profiles included travelers names, addresses and birth dates, as well as an unspecified number of records, including Social Security numbers.

The latest report marks the second time Secure Flight has been singled out for potential privacy problems. In June 2005, as part of its routine oversight, the Government Accountability Office reported a separate set of concerns it had over the handling of records sent to the TSA. Based on those findings, DHS officials agreed to offer more details about the overall privacy implications of Secure Flight.

Under the revised parameters of Secure Flight, the DHS first reported publicly that the contractor hired to aggregate the consumer records, EagleForce Associates, had bought and held the data on the 2004 travelers, along with the information of other individuals whose names were variations of the actual passengers, for analytical purposes. The agency also admitted that data from the airlines and consumer profiles was being combined into single files, called PNRs (passenger name records).

The analysis specifically rebukes the agency for ignoring its initial promise to erect "strict firewalls" between the parties involved in the various aspects of the project to protect personally identifiable data, and it singles out the so-called privacy notices sent to the TSA, which included the sensitive information, as the most significant source of concern.

"The inconsistency between the descriptions in the 2004 notices and what occurred in the actual test was clearly not intentional, but appears to be the result of either a misunderstanding of the test protocols or a change in circumstances between what was intended to be tested," the DHS report said.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.